Hi guys! I love your show ^^ I just finished listening to the episode on passwords, and wanted to throw my two cents in, since my methods weren't mentioned...

My first, and I think most effective, is sheer muscle memory--I usually use a password generator, change some of the characters given, and then type it a million times until my fingers do it for me. As a side benefit, you can't usually accidentally blurt out your password, since you know it by feel rather than by (aural) memory.

Also, I've found that changing your keyboard layout for a password can be an added layer of security...obviously as soon as someone figures out that you're using the layout it stops being helpful, but it's a basic find-and-replace kind of algorithm that can probably help if you use a password that would be otherwise guess-able.

And lastly, I was amused by the griping about having things delayed on the West Coast...but I can one-up you; I'm from Hawaii, and not only are things delayed, but we also occasionally get your time zone's broadcasts, so things that are at a normal hour for mainlanders end up being in the middle of the school/work day here, despite already being delayed! Haha, just had to throw that in.

But, keep up the great work on the show, really fantastic job!

keakealani, Honolulu, Hawaii

---

Gentlemen -

So after listening to your podcasts on passwords I am a little concerned about my practices. I believe that I have made secure passwords for all personal information. Unfortunately, I store them in a password-protected Excel '03 file. After hearing Rafe rail on the security of such a thing, I believe that I have self-defeated my secure passwords by storing them in such a way. Where would you store all your passwords? I know you all mentioned password managers. But what if I store it in my Excel file that is password-protected and in a hidden folder, is that good enough?

Thanks again for doing the podcasts and I always look forward to it. Keep rockin' it.

Alan

---

I was surprised that there was no mention of pwdhash (http://crypto.stanford.edu/PwdHash/) in the password episode of RealDeal, particularly since it was developed at Stanford University, right down the road from CNET.

I really thought I'd be playing "Captain Obvious" by posting it as a great password solution. Do you have any opinions on pwdhash?